
1572 matches found

OpenVAS
added 2026/02/02 12:0 a.m. | 1 view

SUSE: Security Advisory (SUSE-SU-2026:0333-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 5.2 | EPSS 0.00844
Exploits: 1 | References: 7
OpenVAS
added 2026/02/02 12:0 a.m. | 1 view

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1187)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.7 | EPSS 0.01744
Exploits: 0 | References: 2
OpenVAS
added 2026/02/02 12:0 a.m. | 2 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1136)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.7 | EPSS 0.01744
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/31 12:0 a.m. | 5 views

SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2026:0333-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0333-1 advisory. - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). - CVE-2025-69420: Missing ASN1_TYPE validation in...

CVSS 7.5 | AI score 6.7 | EPSS 0.00844
Exploits: 1 | References: 13
OSV
added 2026/01/30 9:1 a.m. | 2 views

SUSE-SU-2026:0346-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS12 parsing (bsc#1256839). - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response function (bsc#1256837). - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex functi...

CVSS 7.5 | AI score 5.9 | EPSS 0.00844
Exploits: 1 | References: 15
SUSE CVE
added 2026/01/30 12:27 a.m. | 8 views

SUSE CVE-2025-69421

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12_item_decrypt_d2i_ex...

CVSS 6.2 | AI score 6.2 | EPSS 0.00844
Exploits: 1 | References: 23
GithubExploit
added 2026/01/28 12:44 p.m. | 592 views

Exploit for CVE-2025-15467

CVE-2025-15467 Stack buffer overflow in OpenSSL CMS AuthEnvel...

AI score 6.3 | EPSS 0.47621
Exploits: 7
RedHat Linux
added 2026/01/28 9:6 a.m. | 24 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

CVSS 8.8 | AI score 6.3 | EPSS 0.47621
Exploits: 7 | References: 4
RedHat Linux
added 2026/01/28 9:6 a.m. | 6 views

openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling

A flaw was found in openssl. A remote attacker could trigger a NULL pointer dereference by sending an unknown or unsupported cipher ID during the client hello callback in applications using the QUIC (Quick UDP Internet Connections) protocol. This vulnerability, occurring when the SSL_CIPHER_find...

CVSS 5.9 | AI score 5.7 | EPSS 0.00748
Exploits: 1 | References: 4
Tenable Nessus
added 2026/01/28 12:0 a.m. | 4 views

RHEL 9 : openssl (RHSA-2026:1503)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1503 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 9.8 | AI score 7.4 | EPSS 0.47621
Exploits: 7 | References: 6
Tenable Nessus
added 2026/01/28 12:0 a.m. | 1 view

RHEL 8 : openssl (RHSA-2026:1475)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1475 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 7.5 | AI score 6.8 | EPSS 0.01744
Exploits: 0 | References: 5
OSV
added 2026/01/27 9:30 p.m. | 5 views

USN-7980-2 openssl, openssl1.0 vulnerabilities

USN-7980-2 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2025-68160 for openssl and openssl1.0, CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, CVE-2025-69420 for...

CVSS 7.5 | AI score 6.7 | EPSS 0.00844
Exploits: 1 | References: 8
OSV
added 2026/01/27 4:16 p.m. | 4 views

ALPINE-CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3 | AI score 5.9 | EPSS 0.00502
Exploits: 1 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 5 views

AZL-75893 CVE-2026-22795 affecting package edk2 20240524git3e722403cd16-14

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

CVSS 5.5 | AI score 5.7 | EPSS 0.00144
Exploits: 1 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 6 views

AZL-78579 CVE-2026-22796 affecting package openssl-fips-provider 3.1.2-1

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3 | AI score 5.7 | EPSS 0.00502
Exploits: 1 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 9 views

AZL-75290 CVE-2025-69419 affecting package openssl for versions less than 3.3.5-3

Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 7.2 | EPSS 0.00444
Exploits: 1 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 8 views

AZL-75783 CVE-2025-69418 affecting package openssl for versions less than 1.1.1k-38

Issue summary: When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths, inputs whose length is not a multiple of 16 bytes can leave the final partial block unencrypted and unauthenticated. Impact summary: The trailing 1-15 bytes of a message may be exposed...

CVSS 4 | AI score 7 | EPSS 0.00115
Exploits: 1 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 7 views

AZL-75284 CVE-2025-66199 affecting package openssl for versions less than 3.3.5-3

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

CVSS 5.9 | AI score 6 | EPSS 0.00403
Exploits: 1 | References: 1
OSV
added 2026/01/27 4:16 p.m. | 6 views

CVE-2025-66199

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

CVSS 5.9 | AI score 6
Exploits: 0 | References: 5
OSV
added 2026/01/27 4:16 p.m. | 8 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 8.8 | AI score 7.3 | EPSS 0.47621
Exploits: 7 | References: 9